With v3, Windows Intune Takes a Stand in the Enterprise

I always felt that Microsoft’s move to evolve its on-premises servers into online services would pay big dividends with smaller businesses. After all, the company’s servers are complex and costly, both to acquire and to administer, and far beyond the capabilities of most small businesses. But Microsoft’s highest-profile cloud services -- Azure and Office 365 -- have seen decidedly better adoption with mid-sized businesses and the enterprise. And now it’s happening with Windows Intune as well.

Intune, in case you’re unfamiliar, is Microsoft’s cloud-based PC management service, sort of a little brother to the System Center family of on-premises solutions. In its first rendition, which shipped in late 2010, System Center offered basic PC management capabilities such as centralized software updating and simpler, flatter policies that operated outside of (and didn't require) Active Directory and Group Policy. Version 2, which shipped in late 2011, added software deployment capabilities.

I’ve used Intune quite a bit and think it’s classic Microsoft software in that it takes a previously expensive and complex technology -- PC management, in this case -- and brings it down to the masses. But Intune has come up short in one key area, in my opinion. It’s just too expensive at $11 per user per month. Compare this price to the Office 365 P1 subscription offering for small businesses -- $6 per user per month -- and you can perhaps see the issue.

I was rather hoping to see a small-business bundle that combined Office 365 and Intune and cost $11 per month. That would be an amazing value, regardless of whether any work was done to combine the management of both services on the back end.

But from what I can tell, that’s not happening. And more to the point, as is the case with Office 365, it’s pretty clear that the biggest uptick Microsoft has seen with Intune hasn’t come from the small business market at all, as I expected. It’s come instead from the enterprise.

The reasons for this are obvious in retrospect, and not just because of the pricing. (Though I do feel that’s a big part of it.) And that’s because Intune addresses an issue related to the consumerization of IT, a subset of that phenomenon that Microsoft is now calling BYOD, or Bring Your Own Device. And that’s more of an issue, from a management perspective, with bigger businesses than it is with smaller ones.

Consider a large corporation, possibly one that's distributed across various geographical locations, which might be in different cities, states, or even companies. Many employees will want to work from home, using their own PCs and devices -- smartphones, tablets, and, soon, Windows 8-based devices -- or otherwise work outside of the protected corporate network.

In the old days, protecting employees’ computers involved bringing them in-house from time to time, either physically or virtually, using VPNs or similar solutions. Once safely behind the firewall, they could be updated to meet the corporate security standard of the day. And then they’d be set free into the real world once again. How quaint is that?

(Even quainter: Remember when you had to go to a specific physical location and use a particular PC in order to get work done?)

Intune makes sense even for those environments that already have centralized PC management through System Center or similar, specifically because in today’s world, many machines used by employees will never be properly touched by said solutions. And, sure enough, that’s what’s happened.

So with the latest version of Intune, now in testing and due for a late 2012 release, Microsoft is really embracing the enterprise. Intune 3, as I call, picks up Exchange ActiveSync (EAS)-based device management, for iOS devices (iPhone, iPad), Android handsets and tablets, and Windows Phones. And in keeping with its not-quite-subset-of-System-Center standing, Intune even offers a few features System Center doesn’t. Key among them is iOS and Android app deployment capabilities. (Windows Phone can't “side load” apps right now because of its security model.)

Intune 3 also offers integration with Windows Azure Active Directory, the same directory service that's used by Office 365. This is a nicety for smaller organizations but crucial for any that wants to sync pre-existing users and security groups, rather than manually recreate them in Intune as before.

I still think Windows Intune can find a happy home in small businesses if a price cut is offered. But in its current form, Microsoft seems to have found a nice niche in the enterprise as well.